Secure and Measured Boot
Bridge leverages the NVIDIA BlueField-3 (BF3) DPU as a hardware root of trust for secure and measured boot on servers deployed in Zero Trust DPU mode. Rather than relying on the host server's main board for provisioning integrity, Bridge establishes trust from the DPU outward — validating firmware, OS images, and network configuration before the host is permitted to join the infrastructure.
Hardware Root of Trust
The BF3 DPU contains its own isolated ARM processor, secure boot chain, and cryptographic subsystem, independent of the x86 host CPU and BMC. Because the DPU's boot chain does not depend on host firmware or the BMC, a compromise of the host's UEFI or BMC does not affect the integrity of the DPU's own boot process. The isolation protects the DPU, not the host: the host is still validated separately, through the DPU, before it is permitted to join the infrastructure.
| Component | Role |
|---|---|
| BF3 DPU (ARM core) | Independent secure boot chain, isolated from x86 host |
| Digitally signed firmware | Firmware images are cryptographically signed and validated before execution |
| Encrypted OS images | OS images deployed to the DPU are encrypted at rest; their integrity comes from the Bridge signature that the DPU secure boot loader verifies before execution (encryption alone does not provide integrity) |
| OOB management network | All provisioning communication is carried on the out-of-band network, isolated from tenant traffic |
Bridge configures BF3 into Zero Trust DPU mode during Day 0 provisioning. In this mode, the host server is provisioned and managed exclusively through the DPU — no direct access to the host's BMC is required for ongoing operations.
DPU Boot and Host Discovery Sequence
The DPU boot and host discovery sequence proceeds in six phases (Phase 0 through Phase 5), orchestrated by Bridge over the OOB management network:

Phase 0: Pre-Discovery
Bridge runs a background loop (every 12 hours) querying the BMC via Redfish to retrieve hardware details — compute trays, DPU presence, and power state — before provisioning begins.
Phase 1: DPU First Boot
- Bridge detects the DPU by its MAC address on the OOB network and assigns IP, gateway, and MTU parameters. The MAC address is an identifier, not an authenticator; it only locates the device, and the DPU's identity is bound by the machine identity certificate issued later in this phase.
- Bridge retrieves pre-boot instructions for the DPU interface.
- The DPU performs a PXE boot and executes the Bridge bootstrap image.
- Bridge collects hardware details (DiscoverMachine) from the DPU, creating a DPU machine record in inventory.
- A host machine record is proactively created in a waiting state, pending host discovery.
- A machine identity certificate is issued to the DPU.
- Bridge updates BMC metadata and marks DPU discovery complete.
Phase 2: DPU Firmware Update
If the DPU firmware version does not match the required baseline, Bridge initiates a firmware update:
- Bridge power-cycles the DPU via Redfish.
- The DPU performs a second PXE boot with the updated firmware image.
- Hardware discovery is repeated to confirm the updated firmware version.
Phase 3: DPU Network Configuration
After firmware validation, Bridge applies network configuration to the DPU:
- The Forge agent on Bridge applies HBN (Host-Based Networking) configuration via the OOB network.
- IP interfaces, VRFs, and ACLs are programmed on the DPU.
- The DPU reports configuration applied and transitions to Ready state.
Phase 4: Host Discovery
With the DPU operational, Bridge provisions the host server through the DPU:
- Bridge detects the host over the DPU's management channel.
- The host performs a PXE boot and runs the Bridge Scout agent.
- Scout reports hardware details (CPU, memory, PCIe devices, GPU model) back to Bridge.
- Bridge matches the host against the proactively created host record.
- If hardware attestation is enabled, Bridge generates and delivers an attestation challenge to the host Scout agent at this stage.
Phase 5: Host Validation and Ready
- The DPU agent confirms that it observed the host reboot.
- Bridge applies final configuration to the host (OS packages, CUDA, MOFED, kernel modules).
- The host transitions to Ready state and is available for compute allocation.
No tenant traffic is permitted to reach the host until all network isolation and security configuration steps are complete.
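The security value of the sequence above lies in its ordering: firmware is validated before network configuration, the host is reached only through a Ready DPU, and tenant traffic is gated on both records being Ready. The following is an added example (not Bridge's own code) of the guard conditions an orchestrator would enforce so that an out-of-order event is rejected rather than silently accepted. The state names, the `Server` class, and the MAC address are constructed for illustration.

```python
"""Sequencing guards for DPU-first provisioning (added example, not Bridge code)."""
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional


class DpuState(Enum):
    UNKNOWN = auto()             # not yet seen on the OOB network
    DISCOVERED = auto()          # Phase 1: inventory record and identity certificate
    FIRMWARE_VALIDATED = auto()  # Phase 2: at baseline (updated or already matching)
    READY = auto()               # Phase 3: HBN configuration applied


class HostState(Enum):
    WAITING = auto()             # Phase 1: record created before the host is seen
    DISCOVERED = auto()          # Phase 4: Scout report matched to the waiting record
    ATTESTED = auto()            # Phase 4: attestation challenge answered
    READY = auto()               # Phase 5: final configuration applied


class SequenceError(RuntimeError):
    """An event arrived before the phase it depends on was complete."""


@dataclass
class Server:
    dpu_mac: str                 # used for addressing only, never as identity
    attestation_enabled: bool
    dpu: DpuState = DpuState.UNKNOWN
    host: Optional[HostState] = None

    def dpu_discovered(self, cert_issued: bool) -> None:
        # Phase 1: discovery is complete only once an identity certificate exists.
        if self.dpu is not DpuState.UNKNOWN:
            raise SequenceError("DPU already discovered")
        if not cert_issued:
            raise SequenceError("no machine identity certificate issued to DPU")
        self.dpu = DpuState.DISCOVERED
        self.host = HostState.WAITING        # host record created proactively

    def dpu_firmware_validated(self) -> None:
        # Phase 2 (a no-op update when the version already matches the baseline).
        if self.dpu is not DpuState.DISCOVERED:
            raise SequenceError("firmware validation requires a discovered DPU")
        self.dpu = DpuState.FIRMWARE_VALIDATED

    def dpu_network_configured(self) -> None:
        # Phase 3: HBN configuration is applied only on validated firmware.
        if self.dpu is not DpuState.FIRMWARE_VALIDATED:
            raise SequenceError("network configuration requires validated firmware")
        self.dpu = DpuState.READY

    def host_discovered(self) -> None:
        # Phase 4: the host is reached only through a Ready DPU and must match
        # the record created in Phase 1.
        if self.dpu is not DpuState.READY:
            raise SequenceError("host discovery requires a Ready DPU")
        if self.host is not HostState.WAITING:
            raise SequenceError("no waiting host record to match")
        self.host = HostState.DISCOVERED

    def host_attested(self) -> None:
        if self.host is not HostState.DISCOVERED:
            raise SequenceError("attestation response without an outstanding challenge")
        self.host = HostState.ATTESTED

    def host_ready(self) -> None:
        # Phase 5: Ready requires discovery, and attestation when it is enabled.
        allowed = ({HostState.ATTESTED} if self.attestation_enabled
                   else {HostState.DISCOVERED, HostState.ATTESTED})
        if self.host not in allowed:
            raise SequenceError(f"host state {self.host} cannot become Ready")
        self.host = HostState.READY

    def tenant_traffic_allowed(self) -> bool:
        # The gate described above: nothing reaches the host until both the
        # DPU isolation configuration and the host itself are Ready.
        return self.dpu is DpuState.READY and self.host is HostState.READY


def provision(server: Server) -> Server:
    """Drive one server through the whole sequence in order."""
    server.dpu_discovered(cert_issued=True)
    server.dpu_firmware_validated()
    server.dpu_network_configured()
    server.host_discovered()
    if server.attestation_enabled:
        server.host_attested()
    server.host_ready()
    return server
```

Each method checks the state it depends on rather than trusting the caller's ordering, so a Scout report that arrives before the DPU is Ready, or a Ready transition without an answered attestation challenge, fails closed with a `SequenceError`.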
Secure Boot for DPU Firmware and OS Images
Bridge deploys only digitally signed and verified firmware and OS images to BF3 DPUs:
| Asset | Signing Method |
|---|---|
| DPU firmware | NVIDIA-signed firmware packages, validated against NVIDIA's certificate chain |
| DPU OS image | Bridge-signed image, validated by the DPU secure boot loader before execution |
| DPU DOCA services | Container images signed and validated before deployment |
The DPU secure boot loader rejects any unsigned or tampered image before execution begins, preventing unauthorized code from running on the DPU.
Secure Firmware Updates
Bridge manages DPU firmware lifecycle as part of the provisioning sequence. Firmware updates are applied only when the current firmware version does not match the required baseline, and the update is validated before the DPU resumes normal operation. Firmware downgrade attempts are blocked.
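The baseline rule in this section and in Phase 2 above has three parts that are easy to get wrong: a version that differs from the baseline in either direction counts as a mismatch, a mismatch in the downward direction must be refused rather than applied, and the package must be checked against the signed manifest before it is flashed and again (by re-discovery) after the reboot. The following is an added example (not Bridge's or NVIDIA's code) of that policy using only the Python standard library. The dotted version strings, the manifest layout, and the package bytes are constructed; the manifest is assumed to have already been signature-verified against the vendor certificate chain by a separate step, which is not shown here because it depends on the package format.

```python
"""Firmware baseline policy for a DPU (added example, not Bridge code)."""
import hashlib
import hmac
from typing import Dict, Tuple

# Constructed sample package and the manifest entry Bridge would hold for it.
# The digest is over these constructed bytes, not over any real firmware.
PACKAGE = b"constructed-bf3-firmware-package-bytes"
BASELINE: Dict[str, str] = {
    "version": "32.41.1000",   # assumed dotted version format
    "sha256": hashlib.sha256(PACKAGE).hexdigest(),
}


class FirmwarePolicyError(Exception):
    """The requested firmware change violates the baseline policy."""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '32.41.1000' into (32, 41, 1000); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise FirmwarePolicyError(f"malformed firmware version {text!r}")
    return tuple(int(p) for p in parts)


def plan_update(current: str, baseline: str) -> str:
    """Return 'noop' when already at baseline, 'update' when behind it.

    A current version newer than the baseline is also a mismatch, but applying
    the baseline would be a downgrade, so it is refused instead of flashed.
    """
    cur, base = parse_version(current), parse_version(baseline)
    if cur == base:
        return "noop"
    if cur > base:
        raise FirmwarePolicyError(f"downgrade from {current} to {baseline} blocked")
    return "update"


def verify_package(package: bytes, expected_sha256: str) -> bool:
    """Check the package against the digest carried in the signed manifest."""
    actual = hashlib.sha256(package).hexdigest()
    return hmac.compare_digest(actual, expected_sha256)


def apply_update(current: str, package: bytes, manifest: Dict[str, str]) -> str:
    """Decide, verify, and (here, only simulate) flashing. Returns the version
    the DPU should report on its next boot."""
    action = plan_update(current, manifest["version"])
    if action == "noop":
        return current
    if not verify_package(package, manifest["sha256"]):
        raise FirmwarePolicyError("package digest does not match manifest; refusing to flash")
    # Real code would write the package to the DPU here and trigger the
    # Redfish power cycle; this example stops at the policy decision.
    return manifest["version"]


def confirm_update(reported: str, baseline: str) -> bool:
    """Phase 2's repeated discovery: the version reported after the second PXE
    boot must equal the baseline, otherwise the DPU must not proceed to Phase 3."""
    return parse_version(reported) == parse_version(baseline)
```

The downgrade check is deliberately a hard error rather than a skipped update: an orchestrator that quietly leaves newer-than-baseline firmware in place hides a drift between inventory and reality, and one that flashes the older image reopens whatever the newer release fixed.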
Related Pages
- Hardware Attestation — TPM-based platform measurement and verification
- BlueField-3 (BF3) — DPU provisioning and Zero Trust DPU mode architecture
- Metal Provisioning Overview — Full provisioning sequence for bare metal servers